rsieiro / RSOAuthEngine

ARC based OAuth engine for MKNetworkKit
http://rodrigo.sharpcube.com
150 stars 33 forks source link

First time authorized application cannot send tweet #1

Closed korableff closed 12 years ago

korableff commented 12 years ago

When i start first time TwitterDemo application and signing to twitter, demo app cannot send tweet, return error and in debug log i see message from MKNetworkKit

Response

{"error":"Could not authenticate you.","request":"\/1\/statuses\/update.json"}

But in status label message that i logged in as @...

But if i just re-run application, it already logged in twitter, tweets sends correct. This bug reproduced many times on different devices.

rsieiro commented 12 years ago

Could you please attach the log from the whole auth flow that happened before the error? Feel free to delete any names or tokens, I just wanna see the responses to each request.

Thanks!

korableff commented 12 years ago

Hi! Thanks for reply. In attached files stored complete logs for first and second runs TwitterDemo. My consumer keys also stored, i will recreate it later.

2011/12/19 Rodrigo Sieiro < reply@reply.github.com

Could you please attach the log from the whole auth flow that happened before the error? Feel free to delete any names or tokens, I just wanna see the responses to each request.

Thanks!


Reply to this email directly or view it on GitHub: https://github.com/rsieiro/RSOAuthEngine/issues/1#issuecomment-3197974

GNU gdb 6.3.50-20050815 (Apple version gdb-1708) (Thu Nov 3 21:59:02 UTC 2011) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "x86_64-apple-darwin".Attaching to process 40763. 2011-12-19 09:05:37.186 TwitterDemo[40763:b303] -[MKNetworkEngine initWithHostName:customHeaderFields:] [Line 91] Engine initialized with host: api.twitter.com 2011-12-19 09:05:37.252 TwitterDemo[40763:10703] Reachability: -R ------- 2011-12-19 09:05:37.668 TwitterDemo[40763:b303] -[MKNetworkEngine reachabilityChanged:] [Line 155] Server [api.twitter.com] is reachable via Wifi 2011-12-19 09:06:02.401 TwitterDemo[40763:b303] -[MKNetworkOperation start] [Line 754] Monday, December 19, 2011 9:06:02 AM Moscow Standard Time

Request

curl -X POST -H "Authorization: OAuth oauth_nonce="81BD1448-9732-423E-AF40-DDA6F2A70813", oauth_timestamp="1324274762", oauth_version="1.0", oauth_consumer_key="CBcuaeLH42OrS707ORUzw", oauth_signature="3j5Sb1CwoKXbYssZvbymUoVmlA4%3D", oauth_signature_method="HMAC-SHA1", oauth_callback="rstwitterengine%3A%2F%2Fauth_token"" -H "Accept-Language: en, fr, de, ja, nl, it, es, pt, pt-PT, da, fi, nb, sv, ko, zh-Hans, zh-Hant, ru, pl, tr, uk, ar, hr, cs, el, he, ro, sk, th, id, ms, en-GB, ca, hu, vi, en-us" "https://api.twitter.com/oauth/request_token" 2011-12-19 09:06:03.638 TwitterDemo[40763:b303] -[MKNetworkOperation operationSucceeded] [Line 1110] Monday, December 19, 2011 9:06:03 AM Moscow Standard Time

Request

curl -X POST -H "Authorization: OAuth oauth_nonce="81BD1448-9732-423E-AF40-DDA6F2A70813", oauth_timestamp="1324274762", oauth_version="1.0", oauth_consumer_key="CBcuaeLH42OrS707ORUzw", oauth_signature="3j5Sb1CwoKXbYssZvbymUoVmlA4%3D", oauth_signature_method="HMAC-SHA1", oauth_callback="rstwitterengine%3A%2F%2Fauth_token"" -H "Accept-Language: en, fr, de, ja, nl, it, es, pt, pt-PT, da, fi, nb, sv, ko, zh-Hans, zh-Hant, ru, pl, tr, uk, ar, hr, cs, el, he, ro, sk, th, id, ms, en-GB, ca, hu, vi, en-us" "https://api.twitter.com/oauth/request_token"

Response

oauth_token=GBSJfm9FBv3gC5HuFqhLlxGndNYUmYEN2Wxw7ERk&oauth_token_secret=0TobhRhlgJtYnUMgDqvpFK9QMS4NdTBZhpjpk1DcM&oauth_callback_confirmed=true [Switching to process 40763 thread 0xd603] 2011-12-19 09:06:34.155 TwitterDemo[40763:b303] -[MKNetworkOperation start] [Line 754] Monday, December 19, 2011 9:06:34 AM Moscow Standard Time

Request

curl -X POST -H "Authorization: OAuth oauth_verifier="b8lEefkh0TQaq0Gq7qpD2XxfH3J1HarIZEAb8w5tbk", oauth_nonce="33658640-1B66-482A-8D09-CD70F43E4527", oauth_timestamp="1324274794", oauth_version="1.0", oauth_consumer_key="CBcuaeLH42OrS707ORUzw", oauth_token="GBSJfm9FBv3gC5HuFqhLlxGndNYUmYEN2Wxw7ERk", oauth_signature="YyEHPctBZMhpqsPeXys3I%2FY7vgw%3D", oauth_signature_method="HMAC-SHA1", oauth_callback="rstwitterengine%3A%2F%2Fauth_token"" -H "Accept-Language: en, fr, de, ja, nl, it, es, pt, pt-PT, da, fi, nb, sv, ko, zh-Hans, zh-Hant, ru, pl, tr, uk, ar, hr, cs, el, he, ro, sk, th, id, ms, en-GB, ca, hu, vi, en-us" "https://api.twitter.com/oauth/access_token" 2011-12-19 09:06:34.886 TwitterDemo[40763:b303] -[MKNetworkOperation operationSucceeded] [Line 1110] Monday, December 19, 2011 9:06:34 AM Moscow Standard Time

Request

curl -X POST -H "Authorization: OAuth oauth_verifier="b8lEefkh0TQaq0Gq7qpD2XxfH3J1HarIZEAb8w5tbk", oauth_nonce="33658640-1B66-482A-8D09-CD70F43E4527", oauth_timestamp="1324274794", oauth_version="1.0", oauth_consumer_key="CBcuaeLH42OrS707ORUzw", oauth_token="GBSJfm9FBv3gC5HuFqhLlxGndNYUmYEN2Wxw7ERk", oauth_signature="YyEHPctBZMhpqsPeXys3I%2FY7vgw%3D", oauth_signature_method="HMAC-SHA1", oauth_callback="rstwitterengine%3A%2F%2Fauth_token"" -H "Accept-Language: en, fr, de, ja, nl, it, es, pt, pt-PT, da, fi, nb, sv, ko, zh-Hans, zh-Hant, ru, pl, tr, uk, ar, hr, cs, el, he, ro, sk, th, id, ms, en-GB, ca, hu, vi, en-us" "https://api.twitter.com/oauth/access_token"

Response

oauth_token=347144896-ZHS8lcpogQTtTQzxkKhxyV7gp4wPutz3jbKLy7oG&oauth_token_secret=mxXu6HfzJoDaqvppdOH760mYC7YdMO4uHvR8RJzWns&user_id=347144896&screen_name=denistest 2011-12-19 09:06:34.958 TwitterDemo[40763:b303] -[MKNetworkOperation start] [Line 754] Monday, December 19, 2011 9:06:34 AM Moscow Standard Time

Request

curl -X POST -H "Content-Type: application/x-www-form-urlencoded; charset=utf-8" -H "Authorization: OAuth oauth_nonce="A8C7278A-6A74-48EB-96D9-F62113470639", oauth_timestamp="1324274794", oauth_version="1.0", oauth_consumer_key="CBcuaeLH42OrS707ORUzw", oauth_token="347144896-ZHS8lcpogQTtTQzxkKhxyV7gp4wPutz3jbKLy7oG", oauth_signature="HfmralEKzEqP0NypqQhfat9tIto%3D", oauth_signature_method="HMAC-SHA1"" -H "Accept-Language: en, fr, de, ja, nl, it, es, pt, pt-PT, da, fi, nb, sv, ko, zh-Hans, zh-Hant, ru, pl, tr, uk, ar, hr, cs, el, he, ro, sk, th, id, ms, en-GB, ca, hu, vi, en-us" "http://api.twitter.com/1/statuses/update.json" -d "status=Test tweet" 2011-12-19 09:06:35.650 TwitterDemo[40763:b303] -[MKNetworkOperation operationFailedWithError:] [Line 1118] Monday, December 19, 2011 9:06:35 AM Moscow Standard Time

Request

curl -X POST -H "Content-Type: application/x-www-form-urlencoded; charset=utf-8" -H "Authorization: OAuth oauth_nonce="A8C7278A-6A74-48EB-96D9-F62113470639", oauth_timestamp="1324274794", oauth_version="1.0", oauth_consumer_key="CBcuaeLH42OrS707ORUzw", oauth_token="347144896-ZHS8lcpogQTtTQzxkKhxyV7gp4wPutz3jbKLy7oG", oauth_signature="HfmralEKzEqP0NypqQhfat9tIto%3D", oauth_signature_method="HMAC-SHA1"" -H "Accept-Language: en, fr, de, ja, nl, it, es, pt, pt-PT, da, fi, nb, sv, ko, zh-Hans, zh-Hant, ru, pl, tr, uk, ar, hr, cs, el, he, ro, sk, th, id, ms, en-GB, ca, hu, vi, en-us" "http://api.twitter.com/1/statuses/update.json" -d "status=Test tweet"

Response

{"error":"Could not authenticate with OAuth.","request":"\/1\/statuses\/update.json"}

GNU gdb 6.3.50-20050815 (Apple version gdb-1708) (Thu Nov 3 21:59:02 UTC 2011) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "x86_64-apple-darwin".Attaching to process 40792. 2011-12-19 09:07:32.655 TwitterDemo[40792:b303] -[MKNetworkEngine initWithHostName:customHeaderFields:] [Line 91] Engine initialized with host: api.twitter.com 2011-12-19 09:07:32.727 TwitterDemo[40792:10703] Reachability: -R ------- 2011-12-19 09:07:33.023 TwitterDemo[40792:b303] -[MKNetworkEngine reachabilityChanged:] [Line 155] Server [api.twitter.com] is reachable via Wifi 2011-12-19 09:07:48.047 TwitterDemo[40792:b303] -[MKNetworkOperation start] [Line 754] Monday, December 19, 2011 9:07:48 AM Moscow Standard Time

Request

curl -X POST -H "Content-Type: application/x-www-form-urlencoded; charset=utf-8" -H "Authorization: OAuth oauth_nonce="E0DF1163-FA1F-46BD-8FF1-B3B7CFE94A3E", oauth_timestamp="1324274868", oauth_version="1.0", oauth_consumer_key="CBcuaeLH42OrS707ORUzw", oauth_token="347144896-ZHS8lcpogQTtTQzxkKhxyV7gp4wPutz3jbKLy7oG", oauth_signature="f6j6NlISt0qvrO9rwKoIbrTtxxI%3D", oauth_signature_method="HMAC-SHA1"" -H "Accept-Language: en, fr, de, ja, nl, it, es, pt, pt-PT, da, fi, nb, sv, ko, zh-Hans, zh-Hant, ru, pl, tr, uk, ar, hr, cs, el, he, ro, sk, th, id, ms, en-GB, ca, hu, vi, en-us" "http://api.twitter.com/1/statuses/update.json" -d "status=Test re-run tweet" 2011-12-19 09:07:48.662 TwitterDemo[40792:b303] -[MKNetworkOperation operationSucceeded] [Line 1110] Monday, December 19, 2011 9:07:48 AM Moscow Standard Time

Request

curl -X POST -H "Content-Type: application/x-www-form-urlencoded; charset=utf-8" -H "Authorization: OAuth oauth_nonce="E0DF1163-FA1F-46BD-8FF1-B3B7CFE94A3E", oauth_timestamp="1324274868", oauth_version="1.0", oauth_consumer_key="CBcuaeLH42OrS707ORUzw", oauth_token="347144896-ZHS8lcpogQTtTQzxkKhxyV7gp4wPutz3jbKLy7oG", oauth_signature="f6j6NlISt0qvrO9rwKoIbrTtxxI%3D", oauth_signature_method="HMAC-SHA1"" -H "Accept-Language: en, fr, de, ja, nl, it, es, pt, pt-PT, da, fi, nb, sv, ko, zh-Hans, zh-Hant, ru, pl, tr, uk, ar, hr, cs, el, he, ro, sk, th, id, ms, en-GB, ca, hu, vi, en-us" "http://api.twitter.com/1/statuses/update.json" -d "status=Test re-run tweet"

Response

{"contributors":null,"in_reply_to_user_id":null,"in_reply_to_status_id":null,"favorited":false,"geo":null,"user":{"statuses_count":9,"profile_background_image_url":"http:\/\/a0.twimg.com\/images\/themes\/theme1\/bg.png","protected":false,"default_profile_image":false,"show_all_inline_media":false,"following":false,"friends_count":7,"profile_link_color":"0084B4","name":"Test User","default_profile":true,"is_translator":false,"time_zone":null,"utc_offset":null,"profile_background_color":"C0DEED","description":"","location":"","contributors_enabled":false,"profile_background_tile":false,"profile_background_image_url_https":"https:\/\/si0.twimg.com\/images\/themes\/theme1\/bg.png","favourites_count":0,"profile_sidebar_fill_color":"DDEEF6","url":null,"lang":"ru","verified":false,"profile_sidebar_border_color":"C0DEED","profile_image_url_https":"https:\/\/si0.twimg.com\/profile_images\/1698646776\/av_150_normal.png","id_str":"347144896","listed_count":0,"profile_use_background_image":true,"created_at":"Tue Aug 02 10:26:40 +0000 2011","id":347144896,"follow_request_sent":false,"geo_enabled":false,"notifications":false,"profile_text_color":"333333","followers_count":0,"profile_image_url":"http:\/\/a3.twimg.com\/profile_images\/1698646776\/av_150_normal.png","screen_name":"denistest"},"truncated":false,"retweet_count":0,"in_reply_to_screen_name":null,"in_reply_to_status_id_str":null,"id_str":"148645688140496896","place":null,"retweeted":false,"source":"\u003Ca href=\"http:\/\/bit.ly\/sHXv6x\" rel=\"nofollow\"\u003EHPC T\u044e\u043d\u0438\u043d\u0433\u003C\/a\u003E","in_reply_to_user_id_str":null,"id":148645688140496896,"created_at":"Mon Dec 19 06:07:48 +0000 2011","coordinates":null,"text":"Test re-run tweet"}

rsieiro commented 12 years ago

I guess I found the problem, can you do a little test to confirm?

I believe Twitter has a bug that when an user marks the option "Always use HTTPS" in their profile, it refuses any request (apparently only after the authentication) that is not HTTPS, even though the option should only affect web access.

To confirm that, please change the call in line 280 of RSTwitterEngine.m, adding a parameter to force SSL. The call should look like this:

MKNetworkOperation *op = [self operationWithPath:TW_STATUS_UPDATE 
                                          params:postParams
                                      httpMethod:@"POST"
                                             ssl:YES];

Then test again, and the first call after authentication should work. If it works, please update this ticket and I'll issue a fix on my code.

korableff commented 12 years ago

Thanks for this solution! It really works and fixes this bug. You can fix this in your source code!

rsieiro commented 12 years ago

Fixed!